A majority of respondents report at least some progress towards controlling the proliferation of mobile devices, or at least ensuring some security on devices allowed to connect to company networks. Yet, a large minority--33 percent--either have no policies yet or don't control which devices are allowed on their networks.

Sixty percent of IT managers say they use wireless access points or network access control (NAC), or only allow mobile devices that they issue with pre-installed security and management tools. However, 26 percent haven't developed policies for mobile devices yet, and 7 percent have policies but don't actively enforce them.

Similarly, 19 percent of business managers say they only allow authorized devices, while 25 percent only allow devices they've issued and pre-configured. However, 36 percent report that anyone can bring whatever devices they like to work.

Software to provide at least minimum levels of anti-malware and encryption are readily available. The tools to enforce that devices lacking protection are not allowed to connect to the network are also easy to find, and often built into wireless access points.

Therefore, managers should be looking at the potential for lost or stolen data that could be exposed via mobile devices. They should measure the costs of enforcing a mobile device security policy against the possible costs of re-creating data or handling a lawsuit or legal investigation, should data be compromised. Given that lawsuits or legal penalties can run into millions of dollars, there's really no excuse not to at least consider managing the mobile devices that can access your network.